Re: Audit filter by TTY
On Friday, April 26, 2013 10:07:56 AM John Bambenek wrote:
I was playing around and wanted to know if there is plans to allow
audit
rule filters by TTY, or specifically filter when tty != (none) (i.e.
interactive login events).
You can use the pam_tty_audit module to do that. There are no plans to
configure this by auditctl.
-Steve